PE Tech Report


Like this article?

Sign up to our free newsletter

Five ransomware prevention tips to thwart future cyber attacks

Ransomware threats are on the rise – WannaCry and Petya are just the beginning. To prevent future cyber threats from causing harm, financial and investment firms should employ security practices that include deep layers of protection. Here are five suggestions to keep in mind: 

  1. Back up. Unfortunately, hackers initiating ransomware attacks aren’t exactly on the up-and-up. After they’ve stolen your files and demanded a ransom, they claim files will be decrypted and restored – but those promises are typically dishonest. Odds are, even if you pay a ransom (which you shouldn’t!), your files won’t be decrypted. That means backups are the only way to successfully recover your data. Ensure you leverage a secure and reliable backup and recovery tool that will de-duplicate, compress, encrypt and securely transfer your data to an offsite data center.


  1. Scan. To construct appropriate defenses against external threats, including ransomware attacks, financial firms should conduct regular vulnerability assessments on their networks. These assessments are critical to detecting actual and likely vulnerabilities, including potentially outdated patches. Vulnerability assessments scan for malware, viruses, backdoors, hosts communicating with botnet-infected systems, known/unknown processes and web services linking to malicious content.


  1. Detect. For security-advanced firms, consider taking a step further and employing continuous intrusion detection and prevention monitoring with a 24x7x365 active threat protection system. Active threat protection is a next-generation managed cyber security solution that combines active human intervention on the part of expert security analysts with real-time threat detection and mitigation tools to handle incident response and remediation. 


  1. Patch. If you rely on a managed service provider (MSP) for cloud services, you may already have this covered. If not: consider leveraging a patch management service to stay ahead of the latest bug and security fixes and reduce the risk of malicious exploits. As widespread ransomware outbreaks have shown us, it’s critical for firms to continually patch Windows servers, workstations and third-party applications to limit the potential risks able to penetrate firm networks. 


  1. Phish. Email wasn’t the culprit with the Petya or WannaCry ransomware variations, but it often is. We strongly recommend financial and investment firms leverage a managed phishing simulation tool to test users’ knowledge and information security awareness on a regular basis. Phishing attacks have reached peak sophistication, and require equally sophisticated levels of awareness on the part of end users to prevent scams before they cause irreparable harm. 

For more tips, tricks and best practices on cybersecurity, visit  

Like this article? Sign up to our free newsletter